CVE-2024-0650 | Project Worlds Visitor Management System 1.0 URL dataset.php name cross site scripting

Inserito da Angelo Barbosa | Gen 17, 2024 | CVE

A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "><script>alert('torada')</script> leads to cross site scripting.

This vulnerability is traded as CVE-2024-0650. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-0650 | Project Worlds Visitor Management System 1.0 URL dataset.php name cross site scripting

Post correlati

CVE-2023-48760 | Crocoblock JetBlocks for Elementor Plugin on WordPress authorization

CVE-2024-4209 | Kadence Gutenberg Blocks Plugin up to 3.2.36 on WordPress Countdown Timer cross site scripting

CVE-2024-30539 | Awesome Support Team Awesome Support Plugin up to 6.1.7 on WordPress authorization

CVE-2024-3230 | Download Attachments Plugin up to 1.3 on WordPress cross site scripting